Assign a system-managed identity to an Event Grid system topic

  • Article

In this article, you learn how to assign a system-assigned or a user-assigned identity to an Event Grid system topic. To learn about managed identities in general, see What are managed identities for Azure resources.

Note

  • You can assign one system-assigned identity and up to two user-assigned identities to a system topic.
  • You can enable identities for system topics associated with global Azure resources such as Azure subscriptions, resource groups, or Azure Maps. System topics for these global sources are also not associated with a specific region.

Enable managed identity for an existing system topic

This section shows you how to enable a managed identity for an existing system topic.

  1. Go to the Azure portal.
  2. Search for event grid system topics in the search bar at the top.
  3. Select the system topic for which you want to enable the managed identity.
  4. Select Identity on the left menu.

Enable system-assigned identity

  1. Turn on the switch to enable the identity.

  2. Select Save on the toolbar to save the setting.

    Identity page for a system topic.

  3. Select Yes on the confirmation message.

    Assign identity to a system topic - confirmation.

  4. Confirm that you see the object ID of the system-assigned managed identity and see a link to assign roles.

    Assign identity to a system topic - completed.

Enable user-assigned identity

  1. First, create a user-assigned identity by following instructions in the Manage user-assigned managed identities article.

  2. On the Identity page, switch to the User assigned tab in the right pane, and then select + Add on the toolbar.

    Image showing the Add button selected in the User assigned tab of the Identity page.

  3. In the Add user managed identity window, follow these steps:

    1. Select the Azure subscription that has the user-assigned identity.
    2. Select the user-assigned identity.
    3. Select Add.

  4. Refresh the list in the User assigned tab to see the added user-assigned identity.

Enable managed identity when creating a system topic

  1. In the Azure portal, in the search bar, search for and select Event Grid System Topics.
  2. On the Event Grid System Topics page, select Create on the toolbar.
  3. On the Basics page of the creation wizard, follow these steps:
    1. For Topic Types, select the type of the topic that supports a system topic. In the following example, Storage Accounts is selected.
    2. For Subscription, select the Azure subscription that contains the Azure resource.
    3. For Resource Group, select the resource group that contains the Azure resource.
    4. For Resource, select the resource.
    5. Specify a name for the system topic.
    6. Enable managed identity:

      1. To enable system-assigned identity, select Enable system assigned identity.

        Image showing the screenshot of system topic creation wizard with system assigned identity option selected.

      2. To enable user assigned identity:

        1. Select User assigned identity, and then select Add user identity.

          Image showing the screenshot of system topic creation wizard with user assigned identity option selected.

        2. In the Add user managed identity window, follow these steps:

          1. Select the Azure subscription that has the user-assigned identity.
          2. Select the user-assigned identity.
          3. Select Add.

Note

  • Currently, Azure portal doesn't allow you to assign both system assigned and user assigned identities when creating a system topic. You can assign both after the system topic is created.
  • Currently, you can't enable a managed identity for a new system topic when creating an event subscription on an Azure resource that supports system topics.

Next steps

Add the identity to an appropriate role (for example, Service Bus Data Sender) on the destination (for example, a Service Bus queue). For detailed steps, see Grant managed identity the access to Event Grid destination.